[SOGo] Fwd: webmail login attacks - captcha?

2018-04-25 Thread "George C. Aquino" 
-- Forwarded message --
From: George C. Aquino 
Date: Thu, Apr 26, 2018 at 9:43 AM
Subject: Re: [SOGo] webmail login attacks - captcha?
To: users@sogo.nu


Dear Sir,

Good morning and glad to being connected within here and can you help me to
log in correctly coz I could not do so far. Thnx, Gery.

On Wed, Apr 25, 2018 at 1:00 PM, Christoph Kreutzer  wrote:

> Hi,
>
> If the IPs are all 127.0.0.1 in SOGos log, then you did not correctly
> configure Apache to forward the IPs like proxies do. I think that is
> mentioned in the manual.
>
> Christoph
>
> Am 24.04.2018 um 21:48 schrieb Sergio Cesar winc (ser...@winc.net) <
> users@sogo.nu>:
>
> I wonder if one could user the webserver authentication and pass it to
> SOGo or roundcube. Than fail2ban will catch the ip from the http log.
>
> SC
>
>
> From: Sebastián Meyer
> Sent: Tuesday, April 24, 9:51 AM
> Subject: [SOGo] webmail login attacks - captcha?
> To: users@sogo.nu
>
>
> Hi,
>
> I have a couple of compromissed webmail accounts, passwords wheren't easy
> to guess.
>
> I'd like to add an increasing delay for failed logins and a captcha, is it
> possible?
>
> For IMAP and SMTP access I use fail2ban, but using it for for webmail
> access DoS attacks would be unacceptable frequently, all logins are from
> localhost (127.0.0.1)
>
> TIA,
>
> --
> Seb
> --
> users@sogo.nu
> https://inverse.ca/sogo/lists
>
>
> --
> users@sogo.nu
> https://inverse.ca/sogo/lists
>
> --
> users@sogo.nu
> https://inverse.ca/sogo/lists
>
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] webmail login attacks - captcha?

2018-04-25 Thread "George C. Aquino" 
Dear Sir,

Good morning and glad to being connected within here and can you help me to
log in correctly coz I could not do so far. Thnx, Gery.

On Wed, Apr 25, 2018 at 1:00 PM, Christoph Kreutzer  wrote:

> Hi,
>
> If the IPs are all 127.0.0.1 in SOGos log, then you did not correctly
> configure Apache to forward the IPs like proxies do. I think that is
> mentioned in the manual.
>
> Christoph
>
> Am 24.04.2018 um 21:48 schrieb Sergio Cesar winc (ser...@winc.net) <
> users@sogo.nu>:
>
> I wonder if one could user the webserver authentication and pass it to
> SOGo or roundcube. Than fail2ban will catch the ip from the http log.
>
> SC
>
>
> From: Sebastián Meyer
> Sent: Tuesday, April 24, 9:51 AM
> Subject: [SOGo] webmail login attacks - captcha?
> To: users@sogo.nu
>
>
> Hi,
>
> I have a couple of compromissed webmail accounts, passwords wheren't easy
> to guess.
>
> I'd like to add an increasing delay for failed logins and a captcha, is it
> possible?
>
> For IMAP and SMTP access I use fail2ban, but using it for for webmail
> access DoS attacks would be unacceptable frequently, all logins are from
> localhost (127.0.0.1)
>
> TIA,
>
> --
> Seb
> --
> users@sogo.nu
> https://inverse.ca/sogo/lists
>
>
> --
> users@sogo.nu
> https://inverse.ca/sogo/lists
>
> --
> users@sogo.nu
> https://inverse.ca/sogo/lists
>
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] webmail login attacks - captcha?

2018-04-25 Thread Christoph Kreutzer 
Hi,

If the IPs are all 127.0.0.1 in SOGos log, then you did not correctly configure 
Apache to forward the IPs like proxies do. I think that is mentioned in the 
manual.

Christoph

> Am 24.04.2018 um 21:48 schrieb Sergio Cesar winc (ser...@winc.net) 
> :
> 
> I wonder if one could user the webserver authentication and pass it to SOGo 
> or roundcube. Than fail2ban will catch the ip from the http log.
> 
> SC
> 
> 
> From: Sebastián Meyer
> Sent: Tuesday, April 24, 9:51 AM
> Subject: [SOGo] webmail login attacks - captcha?
> To: users@sogo.nu
> 
> 
> Hi,
> 
> I have a couple of compromissed webmail accounts, passwords wheren't easy to 
> guess.
> 
> I'd like to add an increasing delay for failed logins and a captcha, is it 
> possible?
> 
> For IMAP and SMTP access I use fail2ban, but using it for for webmail access 
> DoS attacks would be unacceptable frequently, all logins are from localhost 
> (127.0.0.1)
> 
> TIA,
> 
> --
> Seb
> -- 
> users@sogo.nu
> https://inverse.ca/sogo/lists
> 
> 
> -- 
> users@sogo.nu
> https://inverse.ca/sogo/lists
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] v2 on stretch

2018-04-25 Thread mj 

Hi Slávek,

Thanks for your reply and insight.

Strange that we are using the official apt repo, and have a lesser user 
experience than with your alternative repo.


(which i did not know that existed, btw)

Anyway, thanks again!

MJ

On 04/25/2018 02:36 AM, Slávek Banko (slavek.ba...@axis.cz) wrote:

Hi,

the problem is that in Debian Stretch, SOGo v3 packages are included in
the official Debian distribution. If you select SOGo v2 packages from
official Inverse repository, they will be updated to distribution
packages and will cause conflicts.

The solution would be if packages for SOGo v2 were set to "epoch" - in
this way packages will be "newer" than SOGo v3 in Stretch - see packages
in my alternative repository.

Another solution is to modify the apt configuration to 'pin' packages for
desired version or to set a higher priority for the Inverse repository.

Cheers


--
users@sogo.nu
https://inverse.ca/sogo/lists